Ukraine war holds critical cybersecurity lessons for all organizations

Nine months after Russian forces invaded Ukraine, it’s becoming increasingly clear that the cyber front in this war is every bit as consequential as the military one. And organizations far outside the war zone can’t afford to ignore the cybersecurity lessons being taught on this brutal battlefield.


The warnings have been building since long before Russian soldiers and weapons first began massing at the border, and the conclusions are stark. A report from Forrester in March concluded the invasion threatened to permanently alter the cyberthreat landscape, primarily as Russia accelerated its cyberattacks and cyber-espionage efforts to offset military losses and compensate for expanding economic sanctions. Forrester said Russian cyberattacks had been building for years, targeting Ukrainian financial systems and critical infrastructure. Forrester’s analysts said this was a siren call to CISOs of any organization, in any geography, to ramp up their protective efforts by building stronger internal partnerships and prioritizing cybersecurity spending and resources.

As the threat landscape continues to evolve, organizations may find themselves at risk in similarly fast-evolving ways. Forrester’s report suggests organizations that have made public statements in relation to the war may find themselves at greater risk of being targeted by malevolent, state-sponsored Russian cybercriminals.

Similarly, organizations could be more vulnerable to insider threats from employees or contractors who may not agree with the public positions or statements regarding the invasion. For example, a social media post that describes Russia’s action as an invasion or war – which directly contradicts Russia’s narrative – could trigger an employee to act. Incomplete offboarding activities would make it easy for Russian-sympathetic ex-employees or contractors to wreak havoc on internal systems long after their employment has been terminated. 


Russia has been one of the world’s top supporters – alongside China, Iran, and North Korea – of state-sponsored cybercrime, cyber-espionage, and cyber-warfare for decades. Its ill-advised attack on Ukraine has only served to elevate Russia’s role as a global digital pariah. As Vladimir Putin’s political position becomes ever more tenuous thanks to a military operation that by all estimates has fallen far short of the generals’ best-laid plans, he and his supporters will increasingly lean on digitally malevolent investments to advance Russia’s political aims. Whatever happens in Ukraine, expect Russian-sourced cyberthreats to continue to multiply.

As the threat landscape becomes less predictable and more volatile, technology leaders can no longer afford to assume this is something that happens to someone else. In fact, the risk is global in nature, with organizations far from the European theater just as likely to be targeted as those closer to the actual front line.

Cyberwarfare knows no physical borders. After all, an organization in the American or Canadian heartland is just as easily targeted by Russian or state-sponsored cybercriminals as one situated within Ukraine’s borders.


While the threat environment is becoming ever more turbulent, best practices for mitigating the risks are as straightforward as they’ve always been. Consider implementing the following:

1 – Assess your stance on the invasion. Evaluate your messaging strategy across all public-facing platforms to better understand how it could become a potential trigger. If your organization – or anyone associated with your organization – has commented publicly about the invasion, recognize that this could result in elevated cyberthreats against you.

2 – Amplify communication with senior leadership. Brief everyone in the C-suite as well as their direct reports to ensure everyone with budgetary accountability appreciates how the Ukraine war relates to organizational cyberthreats. Reinforce the need to prioritize cybersecurity-specific budgets, training, and resourcing. Now is not the time to ignore the need to strategically invest to counter the rising threats. Maintain regular communications across the organization to explain to all stakeholders how the threat landscape is evolving, how the organization is adapting, and what you need from them.

3 – Update your disaster recovery and/or business continuity plan. Review existing DRPs or BCPs to ensure they reflect this fast-changing reality. Update all relevant documents accordingly to ensure the organization is prepared for any cyberthreats – DDoS attacks, insider attacks, phishing/identity theft, compromised intellectual property, hijacked social media accounts, etc. – that might arise from the current conflict in Ukraine.

4 – Start simulating. Role-play potential attack scenarios to ensure all response teams are properly prepared, and any gaps are identified – and addressed – long before a real-life scenario presents itself.

5 – Get your developers on board. Although cyber-first development processes were essential long before Russian forces first rolled into Ukraine, they are even more essential now. If cybersecurity isn’t yet an integral part of your organizational development and product roadmaps, now is the perfect time to start building out this capability.

6 – Put vendors and contractors on notice. Your cybersecurity plan is only as strong as its weakest link, so take steps to ensure third-party providers are aligned with the organization’s risk mitigation strategies and tactics. Challenge them to explain how they, too, will update their own internal operations to mitigate their – and your – risk.

7 – Seek help from your government. Specifically, most governments had already established national cyber security agencies long before the conflict erupted, and they have been releasing best practices and resources to help organizations, agencies, and citizens protect themselves from Russian digital aggression following the invasion. These include the Cybersecurity and Infrastructure Security Agency in the U.S., the Canadian Centre for Cyber Security, the National Cyber Security Centre (UK), the European Union Agency for Cybersecurity (ENISA), the Federal Office for Information Security (also known as BSI) in Germany, the National Cybersecurity Agency (ANSSI) in France, and the Australian Cyber Security Centre.

As winter descends on Ukraine, no one really knows which direction the conflict will take next, or how long the Russian military aggression will continue. What is known is that the cyber front in this war will continue to threaten organizations just like yours in all sectors, and in any geography.